Subj : Major US university websites hacked to show Fortnite spam
To   : All
From : TechnologyDaily
Date : Mon Apr 24 2023 20:15:03

Major US university websites hacked to show Fortnite spam

Date:
Mon, 24 Apr 2023 18:54:32 +0000

Description:
Some government websites were also compromised to serve malware.

FULL STORY
======================================================================

Criminals are aiming to steal Fortnite user accounts, and is using websites 
belonging to American universities to do so. 

A new report from BleepingComputer claims to have found an ongoing phishing 
campaign leveraging compromised websites belonging to Stanford, MIT, 
Berkeley, UMass Amherst, Northeastern, Caltech, and other universities. 

Tipped off by Twitter user g0njxa, the publication says that there are 
multiple websites, powered by TWiki or MediaWiki (content management systems 
and web app platforms), that are hosting Fortnite and gift card spam sites. 
No free lunch 

Apparently, someone managed to compromise these websites and upload wiki 
pages that promote fake websites that offer free gift cards and free Fortnite 
in-game currency, among other things. 

Visitors that click the links promoted on these pages will see a login form 
mimicking Fortnite. Should they try to enter their credentials, theyd give 
them directly to the attackers. Read more 

> What is phishing and how dangerous is it? 


 > Phishing emails are seeing a huge rise, so stay on your guard 


 > Check out the best ID theft protection right now 

Are you an avid Fortnite player looking for the most efficient way to get 
your hands on V Bucks? If so, you've come to the right place! one of the 
malicious pages reads. 

Besides university sites, some government websites were also abused for the 
same purpose, the publication claims, mentioning mini-sites hosted by a 
Brazilian state government, as well as European Unions Europa.eu. In the 
latters case, the Europass e-Portfolio service (a job search portal) seems to 
have been leveraged. 

Aside from BleepingComputer, no cybersecurity researchers have yet joined the 
investigation, it seems. At the moment, we dont know who is behind the 
attack, or if they used any malware, or leveraged any zero-day 
vulnerabilities, to compromise these websites. The publication says that 
MediaWiki released security updates last month, but none of those addressed 
this campaign. 

System admins operating MediaWiki and TWiki sites should run a search on 
their sites for malicious content such as gift card, Fortnite, and similar. 
These are the best firewalls today 

Via: BleepingComputer



======================================================================
Link to news story:
https://www.techradar.com/news/major-us-university-websites-hacked-to-show-for
tnite-spam


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.